# 9 Steps to Install OpenClaw AI Assistant (VPS + Telegram)

You want a personal AI assistant that runs 24/7 and responds to your messages. This workshop-style guide walks you through deploying OpenClaw on a virtual private server (VPS), wiring it up to Telegram, and adding basic guardrails so only you can use it. Plan for about 30–45 minutes.

Before You Start (Read This)

OpenClaw is more like a construction kit than a finished app. It can connect an LLM “brain” (OpenAI, Anthropic, OpenRouter, or even a local model) to tools like files, a terminal, a browser, and third-party APIs. That flexibility is exactly why you should treat it like you would any automation tool with real power.

Security reality check: an agent can be granted very broad permissions on the machine it runs on. Running it on your personal laptop/desktop is not recommended unless you fully isolate it. A VPS is a safer default because you can limit what it can access and wipe/rebuild if needed.

Goal Overview

By the end of this guide, you’ll have OpenClaw running on an Ubuntu VPS and responding via Telegram. You’ll also restrict Telegram access to your user ID, learn where to look for token usage signals, and add a few practical “next skills” safely.

You’ll need: a VPS running Ubuntu 22.04, an SSH client (Terminal on macOS/Linux, Windows Terminal on Windows), a Telegram account, and an API key from an AI provider you plan to use.

Step 1: Choose a VPS (Minimum Specs)

Pick a small VPS with at least 2 GB RAM and 1 vCPU. For most people, that’s enough because the heavy lifting happens on the model provider’s side; OpenClaw mostly orchestrates requests and tools.

Create a new instance and select Ubuntu 22.04. Choose a data center region close to you for better latency. Copy down the server’s public IP address and the initial login method your provider gives you (password and/or SSH key).

Step 2: Connect to Your Server (SSH)

Open an SSH session to the VPS. On macOS/Linux, open Terminal. On Windows, open Windows Terminal. Run (replace YOUR_IP):

ssh root@YOUR_IP

Accept the host key prompt, then authenticate. Once you see a prompt like root@hostname:~#, you’re in.

Tip: If your provider supports SSH keys, switch to key-based login as soon as you can. It’s more secure than passwords and reduces brute-force risk.

Step 3: Update System Packages

Update package lists and install security patches:

sudo apt update && sudo apt upgrade -y

This reduces the chance you’ll hit dependency issues during installation and helps close known vulnerabilities.

Step 4: Install OpenClaw

Install using the project’s installer script:

curl -fsSL https://openclaw.ai/install.sh | bash

Installation takes a few minutes. When it finishes, OpenClaw should be available from the command line. If onboarding doesn’t start automatically, you’ll run it in the next step.

Security note: Piping a script from the internet into bash is convenient but not risk-free. If you want the safer route, open the URL in a browser first, review it, then run it.

Step 5: Pick Your AI Provider (API Key)

Create an API key with your chosen provider. OpenClaw can be used with different providers (for example via aggregators like OpenRouter, or directly with vendors like OpenAI/Anthropic). Costs are based on tokens: longer prompts and longer outputs cost more.

Keep your key private. Treat it like a password—anyone with it can spend your money.

Step 6: Create a Telegram Bot (BotFather)

Get a Telegram bot token:

1. In Telegram, open @BotFather.
2. Send /newbot.
3. Choose a display name (for example, “My OpenClaw Assistant”).
4. Choose a username that ends with bot (for example, myclaw_bot).
5. Copy the token BotFather gives you.

Step 7: Run Onboarding (Bind Model + Telegram)

Start the onboarding wizard:

openclaw onboard

In the wizard:

• Accept the security disclaimer.
• Select a setup mode (QuickStart is fine for a first run).
• Choose your AI provider and complete authorization / paste your API key as prompted.
• Select Telegram as the channel and paste your Telegram bot token.
• You can skip extra skills for now and come back later.

Step 8: Pair Your Telegram Account and Lock It Down

Pairing: After setup, your Telegram bot will typically show a pairing code. Approve it from the server (replace <code>):

openclaw pairing approve telegram <code>

Restrict access to your Telegram user ID:

1. In Telegram (chat with your bot), run /whoami.
2. Copy the numeric User ID it returns.
3. On the server, set the allowed sender list (replace YOUR_USER_ID):

openclaw config set channels.telegram.allowFrom '["YOUR_USER_ID"]' --json

This is the single most important “permission limit” for a Telegram-based setup: it prevents strangers from driving your agent if they discover the bot username.

Step 9: Test and Check Status

Send a test message to your bot in Telegram (for example, “Summarize today’s top tech news in 5 bullets”). If it responds, your core setup works.

To check basic status from Telegram, try /status (if enabled in your build). On the server side, you can also inspect service logs if your installer configured OpenClaw to run as a service:

journalctl -u openclaw -n 50 --no-pager

If your environment doesn’t use systemd (or the service name differs), use the logging guidance from your installer output and OpenClaw docs.

Token Costs and Spend Control (Practical)

Token billing can surprise people because long chats build up context. Use these habits:

• Prefer smaller prompts and ask for concise outputs.
• Reset long-running chats (if your Telegram commands include something like /reset) when a thread gets huge.
• Watch your provider dashboard for spend and set budget alerts/limits there whenever possible.

Security Checklist (Do This After It Works)

• Run the built-in audit: openclaw security audit
• Be selective with “skills” and integrations. Treat third-party skills as untrusted code. Malicious or compromised skills can exfiltrate secrets or execute harmful actions.
• Assume prompt injection is real. If the agent can browse the web or read arbitrary content, it can be tricked into doing unsafe things unless you set strict rules and permissions.
• Keep secrets out of chat. Don’t paste API keys or passwords into Telegram messages.

Troubleshooting

Problem: SSH Connection Refused

Solution: Confirm you’re using the right IP, that the VPS is running, and that inbound port 22 is allowed in your provider firewall. If you enabled a host firewall, verify it allows SSH.

Problem: Installer Fails

Solution: Re-run Step 3 updates, then retry the installer. If errors mention missing dependencies, follow the installer output or the official OpenClaw installation documentation for your OS version.

Problem: Bot Doesn’t Respond

Solution: Double-check (1) the Telegram bot token, (2) your AI provider key, and (3) whether you restricted access correctly in Step 8 (a wrong user ID will block you). Then review logs if available (journalctl -u openclaw -n 100).

Problem: Costs Are Higher Than Expected

Solution: Shorten prompts, reset long chats, and switch to a cheaper model in your configuration. The most reliable cost tracking is in your AI provider’s billing/usage dashboard.

Next Steps (Practical Skills Without Overreaching)

Add one small automation first. For example: a daily summary message, a flight price checker, or a “/bus” command that scrapes a public transit page (if no API exists). Start with read-only tasks before you allow actions like editing files, sending emails, or posting to external services.

Explore skills carefully. OpenClaw has a large skills ecosystem (often via a marketplace/community hub). Install only what you understand and trust, and re-run openclaw security audit after adding integrations.

References

OpenClaw Documentation. (2026). OpenClaw GitHub Repository. Retrieved from https://github.com/openclaw/openclaw

OpenClaw Installation Guide. (2026). Installation and Configuration. Retrieved from https://docs.openclaw.ai/installation

NIST Special Publication 800-63B. (2020). Digital Identity Guidelines: Authentication and Lifecycle Management. National Institute of Standards and Technology.

Closing

You now have a personal assistant running on a VPS you control, reachable from Telegram, and restricted to your user ID. From here, your biggest wins come from careful, incremental automation: keep permissions tight, watch token spend in your provider dashboard, and treat new skills as potentially risky until proven otherwise.